Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

dylan00005's avatar

Auth Login shows 419 page expired on POST request

Hey folks,

I've been getting a 419 page expired error when trying to log in to my system. I by default enabled the middleware auth to the root route so that the first page that comes up is the login page. However, when putting my credentials and submitting the form, the system does not log in and instead shows a 419 error I mentioned in the beginning. Is there any insight on this problem?

Things I've tried:

  1. I put a @csrf tag inside the login form
  2. Referenced the token in the meta tag within the header of the master blade so that all pages can have the token
  3. Gave permissions to the storage folder on my pc
  4. Cleared cache and cookies in the browser

None of these solutions worked for me. Appreciate any help!

0 likes
7 replies
ftiersch's avatar
  1. Does it work if you comment out the VerifyCsrf middleware in the Kernel.php?
  2. If yes, do your sessions work properly? CSRF saves the token in the session so if they don't work it won't find the token to compare. What sessiondriver are you using?
skoobi's avatar

I think this is the same as what i had on an app previously. But what i done was catch the error in the Handler.php file and then redirect back with a message.

public function render($request, Exception $e)
    {

        if ($e instanceof \Illuminate\Session\TokenMismatchException)
        {
            return redirect()
                    ->back()
                    ->withInput($request->except('password'))
                    ->with([
                        'status' => 'Oops! Your Validation Token has expired. Please try again',
                        'alert' => 'danger']);
        }   

        return parent::render($request, $e);
    }
2 likes
dylan00005's avatar

@FTIERSCH - Hey man, yes, it does work when I comment the VerifyCsrf middleware line in the kernel.php file. I'm using the 'file' session driver. Is that possibly a starting point to find the root cause?

dylan00005's avatar

@SKOOBI - Sounds like a good workaround. Where do you redirect after catching the exception?

dylan00005's avatar

So I tried to get my app running on a Windows Environment with XAMPP and it works just fine without any changes made to the code. Could it be possible this issue is related to the way XAMPP runs on MAC OS? or permissions? I enabled the Write & Read permission to Everyone on htdocs folder but still getting this error.

dylan00005's avatar
dylan00005
OP
6 years ago
Best Answer
Level 1

Long story short... turns out that the REAL issue here is the fact I was using a virtual machine version of XAMPP which was mounting a nfs drive to my local computer... and preventing access to all files in the laravel application. Not 100% sure how the vm works or even how to tie it up with a local computer BUT I just switched to a normal desktop installation of XAMPP on my mac and then gave it some write & read permissions to the htdocs folder and boom!! all of the sudden the error went away!

1 like
phpman's avatar

I used answer from @skoobi with minor changes: -Changed variable $e for $exception, this is the current variable name. -Filter by request path "login" and method "POST" , so it wont affect all calls.

Please or to participate in this conversation.